Self-service terminal

ABSTRACT

A self-service terminal ( 14 ), such as an ATM, and a portable electronic device ( 24 ), such as a cellular telephone or a PDA, are described The ATM has a communication port ( 42 ) for interfacing with a user&#39;s electronic device ( 24 ); a dispenser ( 32 ) for dispensing valuable items; and an authorization approval facility for approving a transaction authorization. The terminal ( 14 ) is operable to receive a transaction authorization from a user&#39;s device ( 24 ), to examine the transaction authorization, and to dispense an item to fulfil a requested transaction associated with the transaction authorization, without the terminal preparing an authorization request.

BACKGROUND OF THE INVENTION

[0001] The present invention relates to a self-service terminal (SST),such as an automated teller machine (ATM). In particular, the inventionrelates to a low cost ATM.

[0002] An ATM is expensive to buy and to maintain. One of the reasonsthat ATMs are so expensive to buy is that they are secure devices thatrequire high levels of:

[0003] (1) physical security (such as a safe) to store currency andother valuable media, and

[0004] (2) electronic security (such as DES encryption and associatedcryptographic devices) to ensure that a customer's PIN (personalidentification number) is not compromised when conveyed between modulesin the ATM or outside the ATM to an authorization center.

[0005] ATMs also require expensive user interfaces. Typical ATMs includea large display and one or more loudspeakers for presenting visual andaudible information to a user. Typical ATMs also include an encryptingPIN keypad and function display keys (FDKs) to allow a user to enterselections and transaction details.

[0006] A further factor that increases the cost of an ATM is that theATM requires highly reliable telecommunications links to enable it tocommunicate with a remote authorization center for authorizingtransactions requested by users. Typically ATMs are either:

[0007] (1) connected to a dedicated ATM network through whichtransaction information is routed; or

[0008] (2) connected to a public telephone network via a modem withinthe ATM, so that the ATM dials a telephone number of an authorizationcenter when a transaction requires authorization.

[0009] In addition to increasing the cost of buying an ATM, therequirement for reliable telecommunications links also increases thecost of running the ATM. The need for reliable telecommunications linksalso limits the possibility of locating the ATM in areas which do nothave a reliable telecommunication infrastructure, or in locations thatare not well-suited to a connection to a fixed-point telecommunicationsline, such as trains or other vehicles.

SUMMARY OF THE INVENTION

[0010] It is among the objects of one or more embodiments of the presentinvention to obviate or mitigate one or more of the above disadvantagesor other disadvantages associated with prior art self-service terminals.

[0011] According to a first aspect of the invention there is provided aself-service terminal characterized in that the terminal comprises: acommunication port for interfacing with a user's portable electronicdevice and for receiving a transaction authorization therefrom; and anauthorization approval facility for approving a requested transaction inthe event of the transaction authorization meeting a predeterminedacceptance criterion; whereby the terminal is operable to receive arequested transaction from a user's device and to fulfil the requestedtransaction without the terminal preparing an authorization request.

[0012] The terminal may further comprise a dispenser for dispensingitems; whereby the terminal is operable to receive a requestedtransaction from a user's device and to dispense an item to fulfil therequested transaction without the terminal preparing an authorizationrequest.

[0013] The dispenser may dispense physical items, such as banknotes,tickets, coupons, money orders, or such like. Alternatively oradditionally, the dispenser may dispense virtual items, such as data.The data may be dispensed in electronic, optical, magnetic or such likeformat. The data may be in a format suitable for being executed as aprogram or application on the user's device, or may convey informationto the user.

[0014] The terminal may further comprise a storage area for receiving anitem inserted by a user; whereby the terminal is operable to receive arequested transaction from a user's device and to receive an item from auser as part of the requested transaction without the terminal preparingan authorization request. The terminal may credit funds to a user'saccount if the received item is a financial instrument, such as a check,money order, or such like.

[0015] The storage area may be a physical receptacle for storingbanknotes, checks, or other physical items. Alternatively, the storagearea may be in the form of storage media (such as a magnetic disk drive)for storing electronic items (such as data uploaded from a user'sportable device to the terminal).

[0016] By virtue of this aspect of the present invention, a self-serviceterminal is provided that does not require any telecommunications links(such as a network connection) because the terminal does not obtainauthorization from any device outwith itself. The terminal does notrequire any user interface (screen, encrypting PIN keypad, and suchlike) as all information is sent from and to the portable electronicdevice. The terminal does not need access to any network, as theportable device obtains authorization itself. As a result, the terminalis inexpensive and can be located anywhere, provided an electronicdevice can establish a communication there.

[0017] The requested transaction may consist of the transactionauthorization, so that only the transaction authorization is transmittedto the terminal. Alternatively, the requested transaction may comprisethe transaction authorization and additional information. The additionalinformation may be used to reduce the possibility of fraud.

[0018] The communication port may be a wireless communication port, suchas an infra-red (IR) port, a radio-frequency (RF) port, or such like. AnIR port may be an IrDA (infra-red data association) compliant port. AnRF port may be a Bluetooth (trade mark) port, or such like.Alternatively, the port may be a physical cradle into which the user'sportable device couples, so that the device docks in the port.

[0019] The user's portable device may be a cellular radiotelephone, apersonal digital assistant (PDA), an Internet access device, or suchlike.

[0020] Preferably, the user's portable device includes atelecommunications link so that the portable device can dial a telephonenumber associated with an authorization center for authorizing atransaction. Alternatively, but much less preferred, the user's portabledevice may not include any telecommunications links, each transactionbeing pre-authorized at an authorization site that connects to anauthorization center.

[0021] The dispenser may be, for example, a cash dispenser fordispensing banknotes; a ticket dispenser for dispensing tickets,coupons, or other media; or a commodity dispenser for dispensing acommodity item, such as an integrated circuit for use in a cellularphone; or such like.

[0022] The authorization approval facility may be a cryptographic devicecomprising a cryptographic processor, a secure memory, and anencryption/decryption algorithm. The authorization approval facility maybe implemented by an encrypting keypad, so that the keypad is used toexamine and authorize a requested transaction.

[0023] The predetermined acceptance criterion may include the presenceof a signature and/or a certificate issued by an authorizationauthority, so that the authorization approval facility examines thetransaction authorization to determine if a signature and/or certificateis present.

[0024] The terminal may store each transaction authorization for provingthat a transaction was executed.

[0025] The terminal may be an ATM. Alternatively, the terminal may be adispensing kiosk or a kiosk for receiving items from a user, where theitems may be physical (such as tickets, coupons, or such like) orvirtual (data stored in electronic, optical, magnetic, or such likeformat).

[0026] According to a second aspect of the present invention there isprovided a portable electronic device having a telecommunication link,characterized in that the device includes a user interface for enteringa transaction, an authorization request facility for preparing anauthorization request including details of the entered transaction, anda communication port for interfacing with a self-service terminal;whereby, the device is operable to transmit an authorization request toa remote authorization center, to receive a transaction authorizationtherefrom, and to transmit the transaction authorization to a terminalfor fulfilling the prepared transaction.

[0027] The portable device may execute a transaction using the followingsteps:

[0028] (1) dialing the telephone number of a remote authorizationcenter,

[0029] (2) transmitting an authorization request including an identifierand a requested transaction (which was pre-entered by the user) to theauthorization center,

[0030] (3) receiving a transaction authorization (in the form of anelectronic token) from the authorization center to indicate that therequested transaction has been authorized, and

[0031] (4) transmitting the transaction authorization (electronic token)to the terminal.

[0032] The ATM receives this authorization token, examines the token toensure that it is authentic (this may involve reading a digitalsignature and/or a digital certificate stored in the token), stores thetoken in a secure memory, and dispenses the requested cash (or otheritem).

[0033] The identifier in step (2) includes details of the user'saccount, and may also include details of the portable device and/or theterminal at which the transaction is to be executed.

[0034] Each terminal may have a unique code. The code may be transmittedelectronically to the portable device via the communication port.

[0035] The code may include a digital signature unique to the terminal.The code may also include time/date information relating to when thecode was transmitted to the portable device. In some embodiments, theauthorization center may only authorize an authorization request if therequest includes a valid terminal identification, recent time/dateinformation, and the signature associated with the identified terminal.

[0036] The authorization request facility may be operable to includedetails of the transaction requested and/or an expiry time and/or datefor the transaction, in addition to an authorization for thetransaction.

[0037] The authorization request facility may be operable to includedetails of a specific terminal on which the transaction may be executed.This has the advantage that users will typically only authorize atransaction when in the vicinity of a terminal, thereby avoiding theproblem of a user carrying a pre-authorized transaction on his/herportable electronic device.

[0038] The authorization request facility may be operable to includedetails specific to the user's portable electronic device, so that onlythat device can be used to execute the authorized transaction. This hasthe advantage of avoiding or at least reducing the possibility of fraud,for example by replay attacks.

[0039] An institution may provide a user with software for installing onthe user's portable device so that the telephone number of theinstitution's authorization center is dialed each time a transaction isto be authorized. The institution's authorization center may be operatedby the institution; alternatively, the institution may have a partneragreement with the authorization center.

[0040] Each terminal may have an assigned telephone number (which may bedisplayed prominently on a visual display or on a label attached to theterminal) so that the portable device can obtain a transactionauthorization by dialing this number. The number may be transmitted fromthe terminal to the portable device via the communication ports.

[0041] According to a third aspect of the present invention there isprovided a system comprising the terminal of the first aspect of theinvention in communication with the portable device of the second aspectof the invention.

[0042] According to a fourth aspect of the present invention there isprovided an authorization request facility for executing on a portableelectronic device, the facility being operable to prepare anauthorization request including details of an entered transaction fortransmission to a self-service terminal.

[0043] According to a fifth aspect of the invention there is provided apublic access docking terminal for a portable electronic device, thedocking terminal being operable to extend the functionality of theportable terminal, and to provide services on receipt of a transactionauthorization communicated from a portable electronic device to theterminal.

[0044] The docking terminal may require the portable device to bephysically coupled thereto. Alternatively, the docking device mayrequire the portable device to be in wireless communication thereto.

[0045] It will now be appreciated that the above aspects of theinvention have the advantage that a terminal does not transmit atransaction for authorization: the user's portable device obtainsauthorization from a remote center and the terminal validates theauthorization locally. This greatly reduces the cost of owning andmaintaining a terminal such as an ATM, particularly as the userinterface on a terminal can be very simple because a user enters atransaction on his/her own user interface (on the portable electronicdevice). The cost of maintaining such a terminal is also reduced becausethere are no telecommunications costs associated with each transaction.

BRIEF DESCRIPTION OF THE DRAWINGS

[0046] These and other aspects of the present invention will be apparentfrom the following specific description, given by way of example, withreference to the accompanying drawings, in which:

[0047]FIG. 1 is a block diagram of a self-service terminal system inaccordance with one embodiment of the invention;

[0048]FIG. 2 is a schematic front view of a terminal of FIG. 1;

[0049]FIG. 3 is a block diagram of the portable electronic device ofFIG. 1;

[0050]FIG. 4 is a schematic view of the portable device of FIG. 3;

[0051]FIG. 5 is a block diagram of a controller in the device of FIG. 3;

[0052]FIG. 6 is a block diagram of a memory in the device of FIG. 3;

[0053]FIG. 7 is a pictorial representation of the display of the deviceof FIG. 3 during preparation of a transaction;

[0054]FIG. 8 is a schematic diagram illustrating a user operating theportable device of FIG. 3 in the vicinity of the terminal of FIG. 1; and

[0055]FIG. 9 is a flowchart illustrating the steps involved in obtaininga transaction authorization.

DETAILED DESCRIPTION

[0056] Referring now to FIG. 1, which is a block diagram of aself-service terminal system 10 in accordance with one embodiment of thepresent invention, the system 10 comprises an authorization center 12and a plurality of SSTs 14 (only two of which are shown) which are ATMs.

[0057] The center 12 includes an authorization facility 16 forauthorizing an authorization request, a back-office facility 18 forrecording transactions and other administrative functions, and atelecommunication link 20 for receiving and transmitting authorizationinformation. The ATMs 14 are not connected to the authorization center12, and do not include any telecommunications facility.

[0058]FIG. 1 also shows one type of portable electronic device 24 in theform of a GSM cellular radiotelephone (hereinafter referred to as acellphone) in the vicinity of one of the ATMs 14. Suitable GSMcellphones include the Nokia (trade mark) 7110 cellphone.

[0059]FIG. 2 is a schematic diagram of one of the ATMs 14 of FIG. 1. TheATM 14 has a safe 28 housing a processing module 30 (shown in brokenline) coupled to a dispenser 32 (shown in broken line) and an approvalfacility 34 (also shown in broken line). The processing module 30includes volatile and non-volatile memory (not shown). The dispenser 32is a cash dispenser. The approval facility 34 is in the form of acryptographic device that includes a cryptographic processor 36 and asecure memory 38.

[0060] The ATM 14 has a simple user interface 40 comprising acommunications port 42 coupled to the processor 30, and a dispense area44 in the form of a tray for receiving bank notes. The port 42 is awireless IR port in the form of an IrDA-compliant module for receivingand transmitting information in infra-red format.

[0061]FIG. 3 illustrates the architecture of cellphone 24. Cellphone 24comprises a controller 52, a loudspeaker 54, a microphone 56, agraphical display 58, a wireless communication port 60 in the form of anIrDA-compliant infra-red port, a keypad 62, a coder/decoder (codec) 64,an RF transmitter circuit 66, an RF receiver circuit 68, and an externalantenna 70.

[0062]FIG. 4 is a schematic view of the cellphone 24, which has a body80 housing the loudspeaker 54, the microphone 56, keypad 62, thegraphics display 58, the antenna 70, and the IrDA port 60.

[0063] Referring to FIGS. 5 and 6, the controller 52, which isresponsible for the operation of the device 24, comprises amicroprocessor 90, a volatile memory 92, a non-volatile memory 94, andan interface 94 for outputting and for receiving control signals.

[0064] As is known to those of skill in the art, the non-volatile memory94, which may be EEPROM, stores the control programs 96 (FIG. 6)required for radio communication and for controlling the port 60. When auser of the cellphone 24 activates a control switch (not shown), thecellphone 24 executes a routine in the control programs 96 fortransmitting and receiving signals via the port 60.

[0065] As is also known to those of skill in the art, the volatilememory 92, which may be RAM, records transmission and reception controlinformation required for radio communication, including dialinformation.

[0066] The microprocessor 90 uses the stored control programs 96 toexecute control processes relating to radio communication.

[0067] In use, the microprocessor 90 loads the required control programs96 from the EEPROM 94 into the RAM 92. The microprocessor 90 also loadsan authorization request facility in the form of an ATM transactionprogram 98 from the EEPROM 94 into the RAM 92.

[0068] The transaction program 98 provides a user of the cellphone 24with a user interface for preparing transactions for executing on theATM 14 and also provides an encryption/decryption facility forencrypting any transactions to be transmitted or stored. The transactionprogram also includes a unique identifier.

[0069] When the transaction program 98 is selected by a user of thecellphone 24, the cellphone 24 displays a series of screens in a similarway to a conventional ATM display. A typical screen 100 is shown in FIG.7, which shows various cash withdrawal options, such as ten pounds 102,twenty pounds 104, thirty pounds 106, and a download receipt option 108.The sequence of screens and the content of each screen may be customizedby the user. As the user carries his/her own graphical user interface,no graphical user interface is required on ATM 14.

[0070] Referring now to FIGS. 8 and 9, when a user 110 wishes towithdraw cash from ATM 14, the user 110 executes the transaction program98 (FIG. 3) on his/her cellphone 24, and prepares a transaction (step120 in FIG. 9). The user 110 prepares a transaction by entering his/herPIN using display 58 (FIG. 3) and selecting an option representing anamount to be withdrawn, such as twenty pounds (104 in FIG. 7). Thetransaction can be prepared remotely from the ATM 14 or in the vicinityof the ATM 14.

[0071] The controller 52 uses transaction program 98 to prepare anauthorization request (step 122) that includes the user's accountdetails, the user's PIN, the unique transaction program identifier, andthe prepared transaction requested (withdraw twenty pounds).

[0072] The controller 52 then encrypts the authorization request (step124) using the encryption facility in the transaction program 98. Theencryption facility uses a public key issued by the authorization center12 (FIG. 1).

[0073] The cellphone 24 then transmits the request (step 126) by dialinga telephone number associated with the telecommunications link 20 in theauthorization center 16 (FIG. 1). This telephone number may be stored inthe cellphone's electronic address book, in the ATM transaction program98, or may be entered into the keypad 62 manually by the user 110.

[0074] Once the cellphone 24 has established a link with theauthorization center 12, the cellphone 24 conveys the authorizationrequest to the center 12.

[0075] On receiving the authorization request, the authorizationfacility 16 decrypts (step 128) the request (using the authorizationcenter's private key) and examines (step 130) the decrypted request todetermine (step 132) whether:

[0076] (1) the user's PIN matches the users claimed identity (based onthe account details), and

[0077] (2) the user 110 has sufficient funds to cover the requestedtransaction.

[0078] If these conditions (1 and 2 above) are met, then theauthorization facility prepares (step 134) a transaction authorizationmessage.

[0079] If these conditions (1 and 2 above) are not met, then theauthorization facility prepares (step 136) a transaction denied message.

[0080] The transaction authorization is a digitally signed authorizationfor the user 110 to withdraw twenty pounds from the account numbercontained in the authorization request. The transaction authorizationalso includes the unique transaction program identifier. The use ofdigital signatures to authenticate data is well known to those of skillin the art.

[0081] The telecommunications link 20 then transmits (step 138) theappropriate message (transaction authorization or transaction denied) tothe cellphone 24.

[0082] If the cellphone 24 receives a transaction denied message thenthis is displayed to the user 10 on the display 58.

[0083] If the cellphone 24 receives a transaction authorization, thenthe user 110 may execute this at ATM 14.

[0084] To execute this transaction, the user 110 approaches ATM 14 andaligns the IR port 60 (FIG. 3) with the communications port 42 in theuser interface 40 of the ATM 14.

[0085] The user 110 transmits the received transaction authorization andthe unique transaction program identifier to the ATM 14 using the IRport 60 and communications port 42, as illustrated by broken line 112.

[0086] On receiving the transmitted data (transaction authorization andunique identifier), the IrDA port 42 conveys the transmitted data to thecryptographic device 34 via the processor 30. The cryptographic device34 examines the transaction authorization and decrypts the signatureusing the authorization center's public key to ensure that thetransaction authorization meets a predetermined acceptance criterion, inthis embodiment, the acceptance criterion is twofold:

[0087] (1) that the authorization has not been modified, and

[0088] (2) that the unique identifier contained in the transactionauthorization matches the unique identifier transmitted with thetransaction authorization.

[0089] If the transmitted data meets this acceptance criterion then thetransaction is fulfilled by the ATM 14 dispensing twenty pounds to thedispense tray 40 for collection by the user 110.

[0090] The ATM 14 stores the transaction authorization in non-volatilememory (not shown) in the processor 30 (or the cryptographic device 34)for reconciliation and audit purposes. The ATM 14 also transmitsconfirmation of the transaction to the cellphone 24 via ports 42 and 60.

[0091] If the transaction authorization is not validated, for examplebecause the authorization has been modified, then the processor 30transmits a message to the cellphone 24 to inform the user 110 that thetransaction cannot be fulfilled. This provides the user 110 withfeedback relating to the status of the transaction.

[0092] Various modifications may be made to the above describedembodiment within the scope of the invention, for example, in otherembodiments, the electronic device may be a PDA, an Internet accessdevice, or such like. In other embodiments, each electronic device mayhave a unique identifier that is used to stop a third party interceptingthe transaction authorization from the authorization center andexecuting the transaction using a different electronic device to thatused by the user. In other embodiments, different authorization andsecurity techniques (for example, different encryption techniques) maybe used than those described above. In other embodiments, the portabledevice may physically couple to the ATM and data may be transmittedthrough a physical connector. In other embodiments, items other thanbanknotes may be dispensed. In other embodiments, the self-serviceterminal may include a storage area for receiving items from a user;such a storage area may be used in addition to or instead of thedispenser. In other embodiments, the terminal may include a displayand/or an encrypting keypad. In other embodiments, the terminal may be aconventional terminal having been retrofitted with a communications portand a program to allow the terminal to receive a transactionauthorization from a portable device. In other embodiments, the portabledevice may store a series of transactions that have transactionauthorizations associated with them. In other embodiments, fulfilling atransaction may involve allowing a user to use one or more of thefacilities provided by the terminal, for example, a printing facility, adisplay, or such like. The terminal may also provide some form ofidentity validation for the user.

What is claimed is:
 1. A self-service terminal comprising: acommunication port for interfacing with a user's portable electronicdevice and for receiving a transaction authorization therefrom; andmeans for receiving a requested transaction from a user's portableelectronic device and for fulfilling the requested transaction withoutthe terminal preparing an authorization request.
 2. A self-serviceterminal according to claim 1 , further comprising (i) a dispenser fordispensing items, and (ii) means for cooperating with the dispenser todispense an item to fulfil the requested transaction without theterminal preparing an authorization request.
 3. A self-service terminalaccording to claim 1 , further comprising (i) a storage area forreceiving an item inserted by a user, and (ii) means for cooperatingwith the storage area to receive an item from a user as part of therequested transaction without the terminal preparing an authorizationrequest.
 4. A terminal according to claim 1 , wherein the communicationport comprises a wireless communication port.
 5. A terminal according toclaim 1 , wherein the communication port comprises a physical cradleinto which the user's portable electronic device couples.
 6. A terminalaccording to claim 1 , further comprising means for storing eachtransaction authorization for proving that a transaction has beenexecuted.
 7. An automated teller machine (ATM) for allowing an ATMcustomer to carry out a financial transaction, the ATM comprising: acommunication port for interfacing with an ATM customer's device and forreceiving a financial transaction authorization therefrom; and means forreceiving a requested financial transaction from an ATM customer'sdevice and for fulfilling the requested financial transaction withoutthe ATM preparing an authorization request.
 8. An ATM according to claim7 , further comprising (i) a cash dispenser for dispensing cash, and(ii) means for cooperating with the cash dispenser to dispense cash tofulfil the requested financial transaction without the ATM preparing anauthorization request.
 9. An ATM according to claim 7 , furthercomprising (i) a storage area for receiving an item inserted by an ATMcustomer, and (ii) means for cooperating with the storage area toreceive an item from an ATM customer as part of the requested financialtransaction without the ATM preparing an authorization request.
 10. AnATM according to claim 7 , wherein the communication port comprises awireless communication port.
 11. An ATM according to claim 7 , whereinthe communication port comprises a physical cradle into which the ATMcustomer's portable device couples.
 12. An ATM according to claim 7 ,further comprising means for storing each financial transactionauthorization for proving that a financial transaction has beenexecuted.
 13. A portable electronic device comprising: a user interfacefor entering a transaction; an authorization request facility forpreparing an authorization request including details of the enteredtransaction; a communication port for interfacing with a self-serviceterminal; and means for (i) transmitting an authorization request to aremote authorization center, (ii) receiving a transaction authorizationtherefrom, and (iii) transmitting the transaction authorization to aself-service terminal for fulfilling the prepared transaction.
 14. Adevice according to claim 13 , wherein the authorization requestfacility includes means for providing details of the transactionrequested and/or an expiry time and/or date for the transaction, inaddition to an authorization for the transaction.
 15. A device accordingto claim 13 , wherein the authorization request facility includes meansfor providing details of a specific terminal on which the transactionmay be executed.
 16. A device according to claim 13 , wherein theauthorization request facility includes means for providing detailsspecific to the device, so that only that device can be used to executethe authorized transaction.
 17. A transaction system comprising: aself-service terminal including a communication port for interfacingwith a user's portable electronic device and for receiving a transactionauthorization therefrom, and means for receiving a requested transactionfrom a user's portable electronic device and for fulfilling therequested transaction; and a user's portable electronic device includinga communication port for interfacing with the communication port of theself-service terminal, a user interface for entering a transaction, anauthorization request facility for preparing an authorization requestincluding details of the entered transaction, and means for (i)transmitting an authorization request to a remote authorization center,(ii) receiving a transaction authorization therefrom, and (iii)transmitting the transaction authorization to the self-service terminalfor fulfilling the prepared transaction.
 18. A system according to claim17 , wherein the communication ports comprise wireless communicationports.
 19. A system according to claim 17 , wherein the communicationport of the self-service terminal comprises a physical cradle into whichthe user's portable electronic device couples.
 20. An authorizationrequest facility for executing on a portable electronic device, thefacility comprising: means for receiving an entered transaction; andmeans for preparing an authorization request including details of theentered transaction for transmission to a self-service terminal.
 21. Apublic access docking terminal for a portable electronic device, thedocking terminal comprising: means for extending the functionality ofthe portable electronic terminal, and means for providing services whena transaction authorization is received from the portable electronicdevice.